- •Part 1 : Introduction and general model
- •Version 0.6
- •Foreword
- •Introduction
- •1.1 Objective
- •1.2 Target audience
- •1.3 Interested parties and expected benefits
- •1.4 Scope
- •Figure 1.2 - Evaluation framework
- •1.5 Document organisation
- •1.6 Document conventions and terminology
- •Universal principles of evaluation
- •2.1.1 Appropriateness
- •2.1.2 Impartiality
- •2.1.3 Objectivity
- •2.1.4 Repeatability and reproducibility
- •2.1.5 Soundness of results
- •2.2 Assumptions
- •2.2.1 Cost-effectiveness
- •2.2.2 Methodology evolution
- •2.2.3 Re-usability
- •2.2.4 Terminology
- •General model
- •3.1 Responsibilities of the roles
- •3.1.1 Sponsor
- •45 The responsibilities of the sponsor include:
- •3.1.2 Developer
- •46 The responsibilities of the developer include:
- •3.1.3 Evaluator
- •47 The responsibilities of the evaluator include:
- •3.1.4 Overseer
- •48 The responsibilities of the overseer include:
- •3.1.5 Relationship of the roles
- •Developer
- •Sponsor
- •Evaluator
- •Overseer
- •Developer
- •Sponsor
- •Evaluator
- •Overseer
- •3.2 Evaluation process overview
- •3.2.1 Preparation
- •Figure 3.2 - Preparation stage
- •3.2.2 Conduct
- •Figure 3.3 - Conduct stage
- •3.2.3 Conclusion
- •Figure 3.4 - Conclusion stage
- •Annex A
- •Glossary
- •73 Deliverable:
- •74 Developer:
- •75 Element:
- •76 Evaluation:
- •77 Evaluation Assurance Level:
- •78 Evaluation Authority:
- •79 Evaluation Deliverable:
- •80 Evaluation Evidence:
- •81 Evaluation Process:
- •82 Evaluation Result:
- •83 Evaluation Summary Report:
- •84 Evaluation Technical Report:
- •85 Evaluator:
- •86 Evaluator Action Element:
- •87 Interim Verdict:
- •88 Interpretation:
- •89 Methodology:
- •90 Observation Report:
- •91 Overall Verdict:
- •92 Overseer:
- •93 Oversight Deliverable:
- •94 Oversight Verdict:
- •95 Protection Profile:
- •96 Role:
- •97 Scheme:
- •98 Security Target:
- •99 Sponsor:
- •100 Target of Evaluation:
- •101 Verdict:
- •CEM observation report (CEMOR)
- •108 Full name of the originator.
- •109 The originator’s organisation/affiliation.
- •111 Submission date of observation YY/MM/DD.
- •113 A short descriptive title for this CEMOR.
- •$1: A. N. Other
- •$5: CEMOR.ano.comment.1
- •$6: Spelling Error
3 - General model |
CEM-97/017 |
D R A F T
3.2.2Conduct
56 |
The conduct stage is the main part of the evaluation process (see Figure 3.3). |
|
During the conduct stage, the evaluator reviews the evaluation deliverables |
|
received from the sponsor or developer and performs the evaluator actions |
|
required by the assurance criteria. |
57 |
During the evaluation, the evaluator may generate observation reports. The |
|
evaluator may request clarification on the application of a requirement from the |
|
overseer using an observation report. This request could result in an interpretation |
|
of a requirement to ensure consistent application of the requirement in future |
|
evaluations. The evaluator may also use the observation report to identify a |
|
potential vulnerability or deficiency and to request additional information from the |
|
sponsor or the developer. The distribution of the observation reports may be |
|
further specified in the scheme. |
58 |
The overseer monitors the evaluation as required by the scheme. The evaluator |
|
produces the Evaluation Technical Report (ETR) which contains the overall |
|
verdict and the justification for the verdict. |
Page 14 of 24 |
Version 0.6 |
97/01/11 |
CEM-97/017 |
|
3 - General model |
D R A F |
T |
|
|
Developer |
|
observation reports |
|
observation reports |
evaluation deliverables |
|
evaluation deliverables |
evaluation deliverables |
||
Sponsor |
|
Evaluator |
observation reports |
||
|
|
interpretations |
|
|
observation reports |
|
Overseer |
|
Figure 3.3 - Conduct stage |
||
97/01/11 |
Version 0.6 |
Page 15 of 24 |